Accessing Authentication Data
Although authorization is defined at endpoint level (as described in the Security page), you may need to know specific authentication parameters, either in endpoint Java code or client-side code.
Server Side Access
Security Principal
Hilla authenticates each server request and, if authentication is successful, associates the request with a Java security principal.
You can get the authenticated user as a UserPrincipal from the current request. You can retrieve the current request using VaadinRequest.getCurrent(). Calling getUserPrincipal() for the request returns the authenticated user, or null if the request isn’t authenticated.
@Endpoint
public class EchoEndpoint {
    @PermitAll
    public String saySomething(String message) {
        // @PermitAll admits only authenticated users, so getUserPrincipal() is not null here
        return VaadinRequest.getCurrent().getUserPrincipal().getName() + " says: " + message;
    }
}
With Spring Security
The easiest way to configure authentication is by using Spring Security, so use its API to check the user in your endpoints. In the next example, the username is checked in the Java code:
@Endpoint
public class DrawEndpoint {
    @PermitAll
    public String checkWinner() {
        Authentication auth =
            SecurityContextHolder.getContext().getAuthentication();
        if (auth != null && "peter".equals(auth.getName())) {
            return "Congrats! you are the winner.";
        }
        return "Sorry, keep looking";
    }
}
Client Side Authentication
Checking the Username
In TypeScript, there is no direct way to check whether the user is authenticated. However, you can expose a server-side endpoint that checks user privileges and returns the status.
The next example returns the username if the user is logged in; otherwise it returns the word anonymousUser:
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

@Endpoint
public class MyAppEndpoint {
    @AnonymousAllowed
    public String checkUser() {
        Authentication auth =
            SecurityContextHolder.getContext().getAuthentication();
        return auth == null ? null : auth.getName();
    }
}

import { MyAppEndpoint } from 'Frontend/generated/MyAppEndpoint';

const username = await MyAppEndpoint.checkUser();
if ('anonymousUser' === username) {
  console.log('You are an anonymous user');
} else {
  console.log('Your username is: ' + username);
}
Checking Roles
A developer might want to check whether the user can access certain services, so that the appropriate options are enabled in the application menu.
The following example exposes a method that checks whether a user is an admin user.
@Endpoint
public class MyAppEndpoint {
    @RolesAllowed("ROLE_ADMIN")
    public boolean isAdmin() {
        return true;
    }
}

import { MyAppEndpoint } from 'Frontend/generated/MyAppEndpoint';

// The call is rejected for users without ROLE_ADMIN; treat that as "not admin".
const isAdmin = await MyAppEndpoint.isAdmin().catch(() => false);
if (isAdmin) {
  console.log('You are an admin user');
} else {
  console.log('Sorry, you are not an admin user');
}
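
The username and role checks above can be combined into a single fail-closed state object for the menu. This is an added example, not part of the Hilla documentation or code base; `AuthEndpoint`, `AuthState`, `toAuthState` and `loadAuthState` are hypothetical names. The state only decides which options the UI shows, while access itself is still enforced by the endpoint annotations on the server.

```typescript
// Added example, not Hilla code. AuthEndpoint mirrors the two methods of the
// page's MyAppEndpoint; in an application, pass the generated module instead.
interface AuthEndpoint {
  checkUser(): Promise<string | null | undefined>;
  isAdmin(): Promise<boolean>;
}

interface AuthState {
  authenticated: boolean;
  username: string | null;
  isAdmin: boolean;
}

// Name the page's checkUser() returns when nobody is logged in.
const ANONYMOUS = 'anonymousUser';

// Pure mapping from raw endpoint results to the state the menu renders from.
function toAuthState(username: string | null | undefined, adminFlag: unknown): AuthState {
  const authenticated =
    typeof username === 'string' && username !== '' && username !== ANONYMOUS;
  return {
    authenticated,
    username: authenticated ? (username as string) : null,
    // Only a strict boolean true for a logged-in user counts. A truthy value
    // of another type (such as a username string) must not enable admin UI.
    isAdmin: authenticated && adminFlag === true,
  };
}

async function loadAuthState(endpoint: AuthEndpoint): Promise<AuthState> {
  // Fail closed: a rejected call (access denied, network error) means anonymous.
  const username = await endpoint.checkUser().catch(() => null);
  if (username === null || username === undefined || username === ANONYMOUS) {
    return toAuthState(username, false); // no role call for anonymous users
  }
  // @RolesAllowed rejects the call for non-admins; treat that as "not admin".
  const adminFlag = await endpoint.isAdmin().catch(() => false);
  return toAuthState(username, adminFlag);
}
```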